One network, two domains



Guest Wowbagger
Posted

In the building there is one physical network and one Windows (2000?) server
that serves up DHCP assignments, handles the gateway and so forth. For most
people in the building they use this domain and all is well.

There is another group of people in the building with their own 2003 server.
Aside from the physical wiring, DHCP and gateway they have absolutely
nothing to do with the domain that everybody else uses. The few exceptions
above aside, there is absolutely zero resource sharing between this group
and the existing domain.

They would like to set up their own domain, active directory, sharepoint and
other services. The 2003 server is already configured to provide DNS
services to people within the group, but AD can't be installed until the box
is promo'ed to a domain controller.

Will having two domain controllers on the same network pose any problems as
long as all of the users on the local network using the new domain (on the
2003 box) perform DNS queries on the 2003 box first?

Guest Phillip Windell
Posted

Re: One network, two domains

It would be fine apart from the fact that the DNS requirements would be
different so you could not fully use DHCP for the second Domain. You would
have to use static addressing or you would have to remove DNS from *all*
the Scopes and assign DNS manually for everybody. If you look in the TCP/IP
Config of any Windows machine you can see that you can use DHCP but still
statically assign DNS.

But personally I'd only want to "mess" with static settings on one domain
rather than every single machine plus the modification to the Scopes. So I
would leave the first Domain alone and not mess with it, then statically
assign the TCP/IP specs of the clients of the second domain.

Better yet,...I would probably create a second IP Segment (it ain't hard to
do) for the second domain and avoid the whole mess. Buy a Layer3
Switch,...split the switch ports down the middle with a pair of VLANs, move
the patch cables to the correct "side" of ports to be in the correct
segment,...and go with it. Hang additional Layer2 switches off of the
correct VLAN'ed group of ports to extend if you need more ports. The
Switch/Router won't require any additional routing at this point and it will
certainly be *handy* to have to make future routing decisions in one central
location as your needs change. The Firewall Device will need a Static Route
added to it to tell it to use the Layer3 Switch (the LAN Router) as the path
to get to the opposite subnet.

This Layer3 Switch/Router setup will also give you the extremely simple
means of access control between the two Segments/Domains using ACLs on the
router,...this is probably something else you will want to do in the future.
Always think of the future,..always take advantage of reasons to buy new
equipment to better the network design, those opportunities may not happen
often,..and this could be one of those justifiable reasons to buy the Layer3
Switch/Router.

--
Phillip Windell
http://www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Wowbagger" <Wowbagger~~> wrote in message
news:%23VNSos71IHA.1768@TK2MSFTNGP03.phx.gbl...
> In the building there is one physical network and one Windows (2000?)
> server that serves up DHCP assignments, handles the gateway and so forth.
> For most people in the building they use this domain and all is well.
>
> There is another group of people in the building with their own 2003
> server. Aside from the physical wiring, DHCP and gateway they have
> absolutely nothing to do with the domain that everybody else uses. The
> few exceptions above aside, there is absolutely zero resource sharing
> between this group and the existing domain.
>
> They would like to set up their own domain, active directory, sharepoint
> and other services. The 2003 server is already configured to provide DNS
> services to people within the group, but AD can't be installed until the
> box is promo'ed to a domain controller.
>
> Will having two domain controllers on the same network pose any problems
> as long as all of the users on the local network using the new domain (on
> the 2003 box) perform DNS queries on the 2003 box first?
>
>

Guest Wowbagger
Posted

Re: One network, two domains

"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:%23QR8l671IHA.5512@TK2MSFTNGP06.phx.gbl...
> It would be fine apart from the fact that the DNS requirements would be
> different so you could not fully use DHCP for the second Domain. You would
> have to use static addressing or you would have to remove DNS from
> *all* the Scopes and assign DNS manually for everybody.

This won't be a problem - there's only a dozen machines or so that I'll have
to mess with.

> But personally I'd only want to "mess" with static settings on one domain
> rather than every single machine plus the modification to the Scopes. So
> I would leave the first Domain alone and not mess with it, then statically
> assign the TCP/IP specs of the clients of the second domain.

Don't even have a choice about that one - the first domain is 100% out of my
control. Can't do a thing with it.

> Better yet,...I would probably create a second IP Segment (it ain't hard
> to do) for the second domain and avoid the whole mess.

Not hard to do, and if I had any kind of power over the networking of the
building then I'd get a gig-e switch for my group and start to upgrade the
machines to the faster NICs as needed. When I find a gig-e switch on sale
for $150 or so I'll probably pull the trigger on that, but don't expect to
see those prices for another 18 months or so. The gig-nics are showing up
on sale for $20 once in a great while so prices are still slowly coming
down.

Guest Bill Grant
Posted

Re: One network, two domains

"Wowbagger" <Wowbagger~~> wrote in message
news:OUd0eP81IHA.2064@TK2MSFTNGP05.phx.gbl...
> "Phillip Windell" <philwindell@hotmail.com> wrote in message
> news:%23QR8l671IHA.5512@TK2MSFTNGP06.phx.gbl...
>
>> It would be fine apart from the fact that the DNS requirements would be
>> different so you could not fully use DHCP for the second Domain. You
>> would have to use static addressing or you would have to remove DNS from
>> *all* the Scopes and assign DNS manually for everybody.
>
> This won't be a problem - there's only a dozen machines or so that I'll
> have to mess with.
>
>> But personally I'd only want to "mess" with static settings on one domain
>> rather than every single machine plus the modification to the Scopes. So
>> I would leave the first Domain alone and not mess with it, then
>> statically assign the TCP/IP specs of the clients of the second domain.
>
> Don't even have a choice about that one - the first domain is 100% out of
> my control. Can't do a thing with it.
>
>> Better yet,...I would probably create a second IP Segment (it ain't hard
>> to do) for the second domain and avoid the whole mess.
>
> Not hard to do, and if I had any kind of power over the networking of the
> building then I'd get a gig-e switch for my group and start to upgrade the
> machines to the faster NICs as needed. When I find a gig-e switch on sale
> for $150 or so I'll probably pull the trigger on that, but don't expect to
> see those prices for another 18 months or so. The gig-nics are showing up
> on sale for $20 once in a great while so prices are still slowly coming
> down.
>
>

If you are stuck with running both domains on the same segment, it is
definitely possible as Phillip outlined. You can't run DHCP for the second
domain so you will need to configure them all manually and set them to use
the correct DNS server and gateway. You will also need to make sure that you
do not duplicate any IP addresses which DHCP might hand out. Can you get the
sysadmin of the first domain to reserve a block of IPs in the DHCP scope?
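Phillip's earlier point (keep DHCP on the clients but point DNS at the 2003 box by hand) and Bill's point here (never hand-assign an address the first domain's DHCP server might lease) both reduce to checking a written address plan against the existing scope before touching any machine. The script below is an added example, not code from the thread or from any poster; the scope pool, the exclusion, the DC address 192.168.1.210 and the host list are constructed values chosen to exercise each check.

```python
"""Check a manual address plan for the second domain against the first
domain's DHCP scope. Added example: the scope, exclusions and host list are
constructed values, not taken from the thread."""
import ipaddress

# Assumed DHCP scope of the first domain (the Windows 2000 box): the pool it
# leases from, plus addresses its administrator has excluded from leasing.
DHCP_SCOPE = {
    "network": ipaddress.ip_network("192.168.1.0/24"),
    "pool_start": ipaddress.ip_address("192.168.1.20"),
    "pool_end": ipaddress.ip_address("192.168.1.200"),
    "exclusions": {ipaddress.ip_address("192.168.1.254")},   # the gateway
}

# Assumed address of the 2003 box that will become the DC and DNS server.
DC_DNS = "192.168.1.210"

# Constructed plan for the second domain: hostname -> (ip, default gateway, dns).
# A planned address inside the DHCP pool is a collision waiting to happen,
# which is the duplicate-address problem Bill raises.
STATIC_PLAN = {
    "dc2003": ("192.168.1.210", "192.168.1.254", DC_DNS),
    "ws01":   ("192.168.1.211", "192.168.1.254", DC_DNS),
    "ws02":   ("192.168.1.100", "192.168.1.254", DC_DNS),         # inside pool
    "ws03":   ("192.168.1.212", "192.168.1.254", "192.168.1.5"),  # wrong DNS
    "ws04":   ("192.168.1.211", "192.168.1.254", DC_DNS),         # duplicate
}


def in_dhcp_pool(ip, scope):
    """True if the first domain's DHCP server could lease this address."""
    return (scope["pool_start"] <= ip <= scope["pool_end"]
            and ip not in scope["exclusions"])


def check_plan(plan, scope, expected_dns):
    """Return a list of (host, problem) pairs; an empty list means the plan
    can coexist with the existing DHCP server on the shared segment."""
    problems = []
    owner = {}   # ip -> first host in the plan that claimed it
    for host, (ip_s, gw_s, dns_s) in plan.items():
        ip, gw = ipaddress.ip_address(ip_s), ipaddress.ip_address(gw_s)
        if ip not in scope["network"]:
            problems.append((host, "address is not on the shared segment"))
        if in_dhcp_pool(ip, scope):
            problems.append((host, "address lies inside the DHCP pool"))
        if gw not in scope["network"]:
            problems.append((host, "gateway is not on the shared segment"))
        if ip in owner:
            problems.append((host, f"duplicate of {owner[ip]}"))
        else:
            owner[ip] = host
        # Domain members locate the DC through DNS SRV records, so every
        # client of the new domain must resolve against the 2003 box.
        if dns_s != expected_dns:
            problems.append((host, "DNS does not point at the 2003 box"))
    return problems


if __name__ == "__main__":
    for host, why in check_plan(STATIC_PLAN, DHCP_SCOPE, DC_DNS):
        print(f"{host}: {why}")
```

Run against the constructed plan it flags ws02 (inside the pool), ws03 (DNS not at the DC) and ws04 (same address as ws01); the hosts above the pool's top address pass. Since the first domain's administrator will not reserve a block, the only safe static addresses are those outside the pool range that the scope is known to use, which is why the pool bounds are the input that matters most.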

Guest Phillip Windell
Posted

Re: One network, two domains

"Wowbagger" <Wowbagger~~> wrote in message
news:OUd0eP81IHA.2064@TK2MSFTNGP05.phx.gbl...
> Not hard to do, and if I had any kind of power over the networking of the
> building then I'd get a gig-e switch for my group and start to upgrade the
> machines to the faster NICs as needed. When I find a gig-e switch on sale
> for $150 or so I'll probably pull the trigger on that, but don't expect to
> see those prices for another 18 months or so. The gig-nics are showing up
> on sale for $20 once in a great while so prices are still slowly coming
> down.

I think you misunderstand what I mean by a Layer3 Switch.

1. It doesn't have anything to do with Gigabit.
2. Most I have seen are 10/100 but 10/100/1000 are getting more popular.
3. $20 might buy the power cord to a Layer3 Switch. The cheaper ones might
be around $500 (guessing) with up in the 1,000's for better ones. We have
about $15,000.00 wrapped up in ours that uses a Chassis/Module design.

--
Phillip Windell
http://www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Guest Wowbagger
Posted

Re: One network, two domains

"Bill Grant" <not.available@online> wrote in message news:ehtQvi%
> Can you get the sysadmin of the first domain to reserve a block of IPs in
> the DHCP scope?

Unfortunately, no. I'm 100% on my own with this. Some day I'll be able to
physically separate the two - a switch plus a NAT to bridge between my
segment and everybody else would probably do the trick.

Guest Wowbagger
Posted

Re: One network, two domains

"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:Owbb8sF2IHA.4004@TK2MSFTNGP03.phx.gbl...
> I think you misunderstand what I mean by a Layer3 Switch.

Expensive, especially when I can get a 24 port layer 2 10/100/1000 for $180
+ $50 for a NAT router to bridge between my segment and the rest of the
building.

Guest Bill Grant
Posted

Re: One network, two domains

"Wowbagger" <Wowbagger~~> wrote in message
news:#VnrHYM2IHA.416@TK2MSFTNGP04.phx.gbl...
> "Bill Grant" <not.available@online> wrote in message news:ehtQvi%
>
>> Can you get the sysadmin of the first domain to reserve a block of IPs
>> in the DHCP scope?
>
> Unfortunately, no. I'm 100% on my own with this. Some day I'll be able
> to physically separate the two - a switch plus a NAT to bridge between my
> segment and everybody else would probably do the trick.
>
>

Yes, that would do it. It is possible to run your own "logical" network
in its own IP subnet on the same wire and use NAT. You would use one of your
machines (not the DC) as a NAT router between your network and the existing
network. eg

Gateway router
192.168.1.254
|
Domain 1
192.168.1.x dg 192.168.1.254 config from DHCP
|
192.168.1.253 dg 192.168.1.254
NAT
192.168.31.254 dg blank
|
Domain 2
192.168.31.x dg 192.168.31.254 manual config

All machines are connected to the same switch, but are logically separate
networks because they are in different IP subnets. Domain 2 machines can
reach the Internet via NAT and the gateway router, but Domain 1 cannot see
Domain 2 machines because NAT only routes one way. You only need one IP
from the parent network for the "public" IP of your NAT router.
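Bill's diagram, turned into a small reachability model so the "NAT only routes one way" claim can be checked hop by hop. This is an added Python example, not code from the thread; it uses the diagram's own addresses (192.168.1.254, 192.168.1.253, 192.168.31.254 and the two /24s), while the host addresses and the Internet test address (from TEST-NET-2) are constructed. The gateway_has_route_to_net2 flag is an assumption that models the static route on the building's firewall that Phillip mentioned in his first reply; without it the gateway simply has no route to the second subnet.

```python
"""Reachability model of the NAT layout in the post above (same addresses).
Added example, not code from the thread; host addresses and the Internet
test address (TEST-NET-2) are constructed."""
import ipaddress

NET1 = ipaddress.ip_network("192.168.1.0/24")        # Domain 1, from DHCP
NET2 = ipaddress.ip_network("192.168.31.0/24")       # Domain 2, manual config
GATEWAY = ipaddress.ip_address("192.168.1.254")      # building gateway router
NAT_OUTSIDE = ipaddress.ip_address("192.168.1.253")  # NAT box, Domain 1 side
NAT_INSIDE = ipaddress.ip_address("192.168.31.254")  # NAT box, Domain 2 side
INTERNET_HOST = ipaddress.ip_address("198.51.100.10")  # constructed


def trace(src, dst, gateway_has_route_to_net2=False):
    """Walk one packet from src toward dst, applying each node's rule from the
    diagram. Returns (hops, outcome): hops lists the forwarding nodes visited,
    outcome is 'delivered', 'delivered-via-nat', 'no-route' or 'blocked-by-nat'.
    gateway_has_route_to_net2 (assumed) models a static route on the gateway
    for 192.168.31.0/24 via 192.168.1.253, as Phillip described earlier."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hops, at = [], src
    for _ in range(8):  # bounded walk; the plan never needs more hops
        if at == NAT_INSIDE:
            # Inside interface: source rewritten to 192.168.1.253; Domain 1
            # addresses are directly reachable, everything else goes to GATEWAY.
            if dst in NET1:
                return hops, "delivered-via-nat"
            at = GATEWAY
            hops.append(at)
        elif at == NAT_OUTSIDE:
            # Unsolicited traffic from the Domain 1 side: a NAT box admits only
            # replies to sessions opened from inside (or explicit port forwards).
            return hops, "blocked-by-nat"
        elif at == GATEWAY:
            if dst in NET2:
                if not gateway_has_route_to_net2:
                    return hops, "no-route"
                at = NAT_OUTSIDE
                hops.append(at)
            else:
                outcome = "delivered-via-nat" if NAT_INSIDE in hops else "delivered"
                return hops, outcome
        elif at in NET2:      # a Domain 2 host: dg 192.168.31.254
            if dst in NET2:
                return hops, "delivered"
            at = NAT_INSIDE
            hops.append(at)
        elif at in NET1:      # a Domain 1 host: dg 192.168.1.254 from DHCP
            if dst in NET1:
                return hops, "delivered"
            at = GATEWAY
            hops.append(at)
        else:
            return hops, "no-route"
    return hops, "no-route"


if __name__ == "__main__":
    cases = [
        ("192.168.31.10", INTERNET_HOST, False),   # Domain 2 -> Internet
        ("192.168.31.10", "192.168.1.50", False),  # Domain 2 -> Domain 1
        ("192.168.1.50", "192.168.31.10", False),  # Domain 1 -> Domain 2
        ("192.168.1.50", "192.168.31.10", True),   # same, with static route
    ]
    for src, dst, route in cases:
        hops, outcome = trace(src, dst, route)
        print(f"{src} -> {dst}: {outcome} via {[str(h) for h in hops]}")
```

The model makes the asymmetry explicit: a Domain 2 host reaches the Internet and Domain 1 hosts through 192.168.31.254 (and appears to them as 192.168.1.253), while a Domain 1 host sending to 192.168.31.x hands the packet to 192.168.1.254, which has no route for that subnet. Even if the gateway were given a static route toward 192.168.1.253, the NAT box would drop the unsolicited packet. It also shows that 192.168.1.253 is one more address the first domain's DHCP server must never lease.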

Guest Phillip Windell
Posted

Re: One network, two domains

That would work,...but,...

1. Running NAT in the middle of a LAN isn't such a great idea in general.
It should be normal routing (no NAT) with maybe possibly ACLs on the LAN
Router.

2. You are talking about "home user" equipment that has less
capability/flexibility and has a high hardware failure rate compared to
commercial equipment. The old saying, "You get what you pay for" is still
true.

--
Phillip Windell
http://www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Wowbagger" <Wowbagger~~> wrote in message
news:eM6ecdM2IHA.4476@TK2MSFTNGP06.phx.gbl...
> "Phillip Windell" <philwindell@hotmail.com> wrote in message
> news:Owbb8sF2IHA.4004@TK2MSFTNGP03.phx.gbl...
>
>> I think you misunderstand what I mean by a Layer3 Switch.
>
> Expensive, especially when I can get a 24 port layer 2 10/100/1000 for
> $180 + $50 for a NAT router to bridge between my segment and the rest of
> the building.
>
>

